P5833 



What is claimed is: 



/is/ 



A method of grouping entries in a directory server, said directory server 
corJQgured to contain roles, the method comprising the step of: 

assigning an entry to an enumerated role, whereby the entry can be selected by 
selectingsall entries that possess the enumerated role. 
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2. The method as in claim 1 wherein the enumerated role is possessed by an arbitrary 
number of entries 

3. The method a^n claim 1, further comprising the step of: 
if an entry that possesses the enumerated role is a nested role, then rejecting that 

entry without further processing of the entry. 
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4. The method of claim l,Yirther comprising the step of: 

providing a set of expressions and boolean operations for use to match entries in a 
directory search. 



5. The method of claim 4, wherei\ the expressions comprise any one or more of 
20 operands connected by the operators, 
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equal 



contains 



sounds like 

greater or equal >= 
less or equal <= 



= where an instance of the attribute exactly 
matches the value; 

* which is used\s a wild card to allow presence check 
or partial matches; 
which is used in name seiches; 
which is used for numericalVomparisons; 
which is used for numerical cc^pparisons; 
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negation 
anc 
or 



! which is used to negate any expression; 

& which is used to combine two expressions; and 
I which is used to select from two expressions. 



S apparatus comprising: 
directory server comprising: 

a first component configured to assign an entry to a first enumerated role, 
whereby the\ntry can be selected by selecting all entries that possess the enumerated 
role. 

7. The apparafijs as in claim 6 wherein the first component assigns an arbitrary 
number of entries to ssdd first enumerated role. 

8. The apparatus as iii claim 6, further comprising: 

a second component coupled to the directory server configured to reject an entry 
without further processing if t^e entry that possesses the enumerated role is a nested role. 

9. The apparatus of claim 6,Vurther comprising: 
a component to provide a^et of expressions and boolean operations for use to 

match entries in a directory search. 

10. The apparatus of claim 9, wherein the expressions comprise any one or more of 
operands connected by the operators, 



equal 



contains 



Where an instance of the attribute exactly 
matches the value; 

* which is used as a wild card to allow presence check 
or partial matches; 
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soundk like which is used in name searches; 

greater W equal >= which is used for numerical comparisons; 

less or equal <= which is used for numerical comparisons; 

negation \ ! which is used to negate any expression; 

and \ & which is used to combine two expressions; and 

or \ I which is used to select from two expressions. 
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